Reply To: OCU ISSO D Week 02 Lesson 05 Discussion

Marcena Davis

NIST Cybersecurity Framework
ISO/IEC 27001:2013

1. NIST Cybersecurity Framework
The National Institute of Standards and Technology (NIST) Cybersecurity Framework provides a comprehensive approach to managing cybersecurity risks. It is a risk-based framework that is used by organizations to identify, assess, and manage cybersecurity risks to their operations and assets. The framework consists of five core functions: Identify, Protect, Detect, Respond, and Recover.

The Identify function helps organizations to understand their assets, systems, data, and capabilities. This is important because it provides a foundation for developing an effective cybersecurity risk management strategy. The Protect function involves implementing safeguards to protect critical infrastructure and sensitive data. The Detect function focuses on identifying cyber threats and vulnerabilities to the organization. The Respond function outlines the procedures to be followed in the event of a cybersecurity incident. The Recover function involves restoring normal operations after a cybersecurity incident has occurred.

You can learn more about the NIST Cybersecurity Framework by reading the official documentation available on the NIST website.

2. ISO/IEC 27001:2013
ISO/IEC 27001:2013 is a globally recognized information security management standard. It provides a systematic approach to managing information security risks. The standard provides a framework for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).

The standard consists of 14 control categories and 35 control objectives. These categories and objectives are used to help organizations identify and implement appropriate controls to manage their information security risks. Some of the key control categories include Information Security Policies, Organization of Information Security, Asset Management, Access Control, Cryptography, Physical and Environmental Security, and Incident Management.

ISO/IEC 27001:2013 is a comprehensive framework that provides a structured approach to managing information security risks. You can learn more about the standard by reading the official documentation available on the ISO website.

Overall, both of these frameworks are widely recognized and used by organizations around the world to manage cybersecurity risks and protect their assets.

“CISSO_Student_Workbook_v19_vol2.”, Accessed 16 Apr. 2023.
“OCU Information Systems Security Officer D.” Mile2 Cybersecurity Certifications, Accessed 16 Apr. 2023.

